Report - verifybusinessaccount4852.duckdns.org/confirm2.html

Report Overview

Visited public
2023-09-28 00:06:59
Tags
dyndns
URL
verifybusinessaccount4852.duckdns.org/confirm2.html
Finishing URL
verifybusinessaccount4852.duckdns.org/confirm2.html
IP / ASN
103.37.124.105
#0
Title
Facebook
Suspicious - DynDNS domain

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
code.jquery.com	634	2005-12-10	2012-05-21 19:28:02	2023-09-27 18:53:45	485 B	32 kB	151.101.194.137
ocsp.pki.goog	175	2016-06-13	2018-07-01 08:43:07	2023-09-27 18:12:01	666 B	1.4 kB	142.250.74.35
api.ipify.org	3267	2014-01-05	2014-10-06 14:38:43	2023-09-27 05:35:45	475 B	219 B	173.231.16.77
ajax.googleapis.com	12905	2005-01-25	2013-08-16 11:51:31	2023-09-28 00:29:01	456 B	90 kB	142.250.74.74
cdn.jsdelivr.net	439	2012-05-16	2012-09-30 02:15:09	2023-09-27 21:08:12	2.1 kB	121 kB	151.101.129.229
verifybusinessaccount4852.duckdns.org	unknown	2013-04-12	2023-09-27 07:56:22	2023-09-27 17:59:51	1.5 kB	497 kB	103.37.124.105
kit.fontawesome.com	1868	2012-10-18	2019-12-16 20:51:31	2023-09-26 21:21:49	483 B	22 kB	104.18.23.52
ka-f.fontawesome.com	3598	2012-10-18	2019-12-17 07:36:13	2023-09-27 01:21:03	2.1 kB	490 kB	172.64.131.9
upload.wikimedia.org	2215	2003-03-16	2012-05-21 11:39:45	2023-09-26 21:31:07	493 B	1.4 kB	185.15.59.240
ocsp.sectigo.com	487	2018-08-16	2019-11-29 12:50:24	2023-09-27 23:55:00	330 B	963 B	104.18.15.101

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2023-09-28 00:06:41	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:06:41	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:06:41	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:06:41	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:06:41	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:06:41	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:06:43	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:06:43	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:06:43	medium	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to a *.duckdns .org Domain
2023-09-28 00:06:43	low	Client IP	Internal IP	ET INFO DYNAMIC_DNS Query to *.duckdns. Domain
2023-09-28 00:06:44	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-09-28 00:06:44	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-09-28 00:06:44	low	Client IP	Internal IP	ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
2023-09-28 00:06:44	low	Client IP	173.231.16.77	ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

Scan Date	Severity	Indicator	Alert
2023-09-27	medium	verifybusinessaccount4852.duckdns.org/confirm2.html	Facebook, Inc.
2023-09-27	medium	verifybusinessaccount4852.duckdns.org/	Facebook, Inc.
2023-09-27	medium	verifybusinessaccount4852.duckdns.org/	Facebook, Inc.

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (7)

	URL	From	Size	First Seen	Last Seen
	cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js	ScriptElement	60 kB	2023-03-07	2025-05-11
Pretty URL cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 10:19 Times Seen5339 Hash 61f338f870fcd0ff46362ef109d28533 b3c116c65e6f053aaab45e5619a78ec00271a50f 5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548 Loading...

	kit.fontawesome.com/83fd8385f7.js	ScriptElement	12 kB	2023-08-03	2024-11-01
Pretty URL kit.fontawesome.com/83fd8385f7.js IP 104.18.23.52 ASN #13335 CLOUDFLARENET Introduced by scriptElement Embedded in HTML false Observations First Seen2023-08-03 11:27 Last Seen2024-11-01 17:46 Times Seen312 Hash db23c81455aae8811b15da8365d4357b 5a938d7e697a68125be7e0aa8e59486654365d4c 7dc1b850e94055cb2e1d197420f0ac66eb2d8cce333f847533d195ec2e4af2dd Loading...

	ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js	ScriptElement	90 kB	2023-03-07	2025-05-11
Pretty URL ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js IP 142.250.74.74 ASN #15169 GOOGLE Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 12:51 Times Seen205878 Hash 8fb8fee4fcc3cc86ff6c724154c49c42 b82d238d4e31fdf618bae8ac11a6c812c03dd0d4 ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e Loading...

	cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js	ScriptElement	79 kB	2023-03-07	2025-05-11
Pretty URL cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:03 Last Seen2025-05-11 11:52 Times Seen11913 Hash 0aa8d64e726c4a57adb5c88f9115996b 901169527507ff9e662cf64d8e361f359308970d 7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe Loading...

	verifybusinessaccount4852.duckdns.org/confirm2.html	ScriptElement	1.8 kB	2023-07-16	2024-09-19
Pretty URL verifybusinessaccount4852.duckdns.org/confirm2.html IP 103.37.124.105 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 01:33 Last Seen2024-09-19 20:15 Times Seen116 Hash 111741d133a212b1c4e87c19c57dda9c 24260e83e5799cf368e9b68513226362eaeebf86 b76ab9ba79439a75efb8321e17f8a7e91bf9b44d87a4833560d20acdd4a3d442 Loading...

	verifybusinessaccount4852.duckdns.org/confirm2.html	ScriptElement	982 B	2023-07-16	2024-09-19
Pretty URL verifybusinessaccount4852.duckdns.org/confirm2.html IP 103.37.124.105 ASN #0 Introduced by scriptElement Embedded in HTML true Observations First Seen2023-07-16 01:33 Last Seen2024-09-19 20:15 Times Seen117 Hash ca2a2c14520d1ab16287d54dd88d3af2 27a9a3ec59e2bdac2d1f81bbdbf3d45a4eef13c9 7f22e701f29c6bb43b14a2924c088291fa29898f65d79206383efe6221882f82 Loading...

	cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js	ScriptElement	21 kB	2023-03-07	2025-05-11
Pretty URL cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js IP 151.101.129.229 ASN #54113 FASTLY Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:02 Last Seen2025-05-11 11:14 Times Seen5552 Hash 84415b7368fd6fc764cbe86039ce0626 62f238e73348c77eb9e865426a7d1b7de23cbb2d c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060 Loading...

HTTP Transactions (19)

URL IP Response Size

cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css

151.101.129.229

200 OK

26 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/css/bootstrap.min.css
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65324)
Size
26 kB (26116 bytes)
Hash
7cc40c199d128af6b01e74a28c5900b0
d305110fb79113a961394b433d851a3410342b8c
2ff5b959fa9f6b4b1d04d20a37d706e90039176ab1e2a202994d9580baeebfd6

HTTP Headers

GET /npm/bootstrap@4.4.1/dist/css/bootstrap.min.css HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/css,*/*;q=0.1
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: style
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
x-jsd-version: 4.4.1
x-jsd-version-type: version
etag: W/"26f1b-0wURD7eRE6lhOUtDPYUaNBA0K4w"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:06:42 GMT
age: 4801738
x-served-by: cache-fra-eddf8230099-FRA, cache-bma1650-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 26116
X-Firefox-Spdy: h2

verifybusinessaccount4852.duckdns.org/confirm2.html

103.37.124.105

200 OK

150 kB

URL User Request GET HTTP/1.1
verifybusinessaccount4852.duckdns.org/confirm2.html
IP
103.37.124.105:443
ASN
#0

Certificate
IssuercPanel, Inc.
Subjectverifybusinessaccount4852.duckdns.org
FingerprintC3:2F:BA:07:BF:36:94:EC:E1:AA:D2:AE:1E:5F:DC:79:23:9C:44:2F
ValidityWed, 27 Sep 2023 00:00:00 GMT - Tue, 26 Dec 2023 23:59:59 GMT

File type
HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- HTML document text\012- exported SGML document, ASCII text, with very long lines (33799)
Size
150 kB (149685 bytes)
Hash
b393b65c674d1fbf9c66993926a2907c
7e656b191f7ce0fb7e8b12793ed5123c03ca0ad4
a754f555ff209d74fdb84be164fdb3debfe51a1f0691a3a312a2a5d02d3742ae

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /confirm2.html HTTP/1.1
Host: verifybusinessaccount4852.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:06:42 GMT
Server: Apache
Last-Modified: Wed, 27 Sep 2023 05:57:06 GMT
Accept-Ranges: bytes
Content-Length: 149685
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html

cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js

151.101.129.229

200 OK

24 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (65299)
Size
24 kB (23943 bytes)
Hash
0aa8d64e726c4a57adb5c88f9115996b
901169527507ff9e662cf64d8e361f359308970d
7e1f1503df765cca5e099891b94e318a2ef95081ba2af1eb6d417cc884bfdbfe

HTTP Headers

GET /npm/bootstrap@5.0.2/dist/js/bootstrap.bundle.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 5.0.2
x-jsd-version-type: version
etag: W/"13397-kBFpUnUH/55mLPZNjjYfNZMIlw0"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:06:43 GMT
age: 11008797
x-served-by: cache-fra-eddf8230080-FRA, cache-bma1650-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 23943
X-Firefox-Spdy: h2

cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js

151.101.129.229

200 OK

7.8 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/popper.js@1.16.0/dist/umd/popper.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (21084)
Size
7.8 kB (7835 bytes)
Hash
84415b7368fd6fc764cbe86039ce0626
62f238e73348c77eb9e865426a7d1b7de23cbb2d
c776195ad46333c6c9a9fe3c74502ffea9a02faf122388ea3567922cc65a3060

HTTP Headers

GET /npm/popper.js@1.16.0/dist/umd/popper.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 1.16.0
x-jsd-version-type: version
etag: W/"5309-YvI45zNIx3656GVCan0bfeI8uy0"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:06:43 GMT
age: 10396496
x-served-by: cache-fra-eddf8230104-FRA, cache-bma1650-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 7835
X-Firefox-Spdy: h2

kit.fontawesome.com/83fd8385f7.js

104.18.23.52

200 OK

21 kB

URL GET HTTP/2
kit.fontawesome.com/83fd8385f7.js
IP
104.18.23.52:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerDigiCert Inc
Subject*.fontawesome.com
Fingerprint6C:69:02:A7:9B:07:84:8E:D0:3D:0A:10:61:8E:01:80:88:37:EF:5E
ValidityTue, 22 Nov 2022 00:00:00 GMT - Sat, 23 Dec 2023 23:59:59 GMT

File type
gzip compressed data, from Unix\012- data
Size
21 kB (21248 bytes)
Hash
01ff5012dc1c0c1bf739fb19d2b85737
37936d50d2af2bc9965d7b05ba22f51a1fa2d7a3
c13dba3c4badcf99ac37e09980a9582ac4d2dda8b5f307930f01e9956fcd8353

HTTP Headers

GET /83fd8385f7.js HTTP/1.1
Host: kit.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:06:42 GMT
content-type: text/javascript
access-control-allow-headers: accept, accept-langauge, content-language, content-type, fa-kit-token
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: *
access-control-max-age: 3000
cache-control: max-age=60, public, stale-while-revalidate=30
vary: origin, accept-encoding, access-control-request-headers, access-control-request-method
x-request-id: F4jEv4joklZnWlInNooh
cf-cache-status: HIT
age: 8
server: cloudflare
cf-ray: 80d7bdf5dbc2b521-OSL
content-encoding: gzip
X-Firefox-Spdy: h2

code.jquery.com/jquery-3.6.0.min.js

151.101.194.137

200 OK

31 kB

URL GET HTTP/2
code.jquery.com/jquery-3.6.0.min.js
IP
151.101.194.137:443
ASN
#54113 FASTLY

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerSectigo Limited
Subject*.jquery.com
FingerprintD2:19:0A:AD:CE:BB:9C:61:17:5D:29:4B:A2:54:E8:C6:91:B8:F9:8D
ValidityTue, 11 Jul 2023 00:00:00 GMT - Sun, 14 Jul 2024 23:59:59 GMT

File type
ASCII text, with very long lines (65447)
Size
31 kB (30875 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /jquery-3.6.0.min.js HTTP/1.1
Host: code.jquery.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx
content-type: application/javascript; charset=utf-8
last-modified: Fri, 18 Oct 1991 12:00:00 GMT
etag: W/"28feccc0-15d9d"
cache-control: public, max-age=31536000, stale-while-revalidate=604800
access-control-allow-origin: *
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:06:43 GMT
age: 621503
x-served-by: cache-lga21931-LGA, cache-bma1627-BMA
x-cache: HIT, HIT
x-cache-hits: 30, 173536
x-timer: S1695859604.627044,VS0,VE0
vary: Accept-Encoding
content-length: 30875
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0bbd1e938700d156e361c1ab8640f3bd
20e70357b360a225b5094714bc89889fd045aa14
7e4f05e6aba3abeaf61da9d17ed8d5518df3bc493c3b319eb29faa4c282fb8db

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 28 Sep 2023 00:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css?token=83fd8385f7

172.64.131.9

200 OK

31 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free-v5-font-face.min.css?token=83fd8385f7
IP
172.64.131.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (608)
Size
31 kB (31315 bytes)
Hash
dbf296002d53e56d340b105d9d764940
bfc98f20287b5f7a435766adc779bd74c4ce4280
0e81443469aa4b967191ce19b7474eb223746a2b8d5dc42d3786da84d99dfad9

HTTP Headers

GET /releases/v6.4.2/css/free-v5-font-face.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinessaccount4852.duckdns.org/
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:06:43 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"dbf296002d53e56d340b105d9d764940"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
x-cache: Hit from cloudfront
via: 1.1 eb3d2bd89447108973b8d2779fc789e4.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: hASaOyMylJJpYBuUHPu8Ri2u_9dd8KFR3qey73zILQAWB2d1q9DAEw==
age: 50586
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbk9C1fwFtOjR3UBTFz5ZPoNHuGZLabBXRWg1y7xT1xKmcbvZ7O9h178ng68jaNFk2xCmC9kDupGa21LBVlDj6WRbcDMG5Q4zTe%2F8H8Dxp6wcNCJg1iMXmhILpqN1rdMHiuPUQTqfA%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 80d7bdf7c84b7725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

ocsp.pki.goog/gts1c3

142.250.74.35

471 B

URL
ocsp.pki.goog/gts1c3
IP
142.250.74.35:0
ASN
#15169 GOOGLE

File type
data
Size
471 B (471 bytes)
Hash
0bbd1e938700d156e361c1ab8640f3bd
20e70357b360a225b5094714bc89889fd045aa14
7e4f05e6aba3abeaf61da9d17ed8d5518df3bc493c3b319eb29faa4c282fb8db

HTTP Headers

POST /gts1c3 HTTP/1.1
Host: ocsp.pki.goog
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Thu, 28 Sep 2023 00:06:43 GMT
Cache-Control: public, max-age=14400
Server: ocsp_responder
Content-Length: 471
X-XSS-Protection: 0
X-Frame-Options: SAMEORIGIN

ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css?token=83fd8385f7

172.64.131.9

200 OK

78 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-shims.min.css?token=83fd8385f7
IP
172.64.131.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (27377)
Size
78 kB (77714 bytes)
Hash
da06df503ced6ee507b5fb4fa0999f74
d10d67ffa9c263e24c43b1df7fa3ba8f2dee2c36
236e285339a2a692e9491d356489cdf83513cfb1add049a0620123d644e47554

HTTP Headers

GET /releases/v6.4.2/css/free-v4-shims.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinessaccount4852.duckdns.org/
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:06:43 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"da06df503ced6ee507b5fb4fa0999f74"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 24639548230786af4bba1a9e26c6080e.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: ub6Nb31zC_dI2f3RKdz-Gy34Ln58DtX4T5XJ37lz_PmNttXq5Xmjog==
age: 50586
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=b5aCKMWj1G%2BZ%2FSb3PdVstDDg7l1bkgtoi1PArqNxLNRt6%2FTkESNiBmYFDgTlbkbIvby5RrI2%2FHcykERvDKDcImj7qj7zWQytyGrcDbzZlO24HT006OgIj5YuDN%2Bv3TSv1QsorA2J1g%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d7bdf7b8437725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

upload.wikimedia.org/wikipedia/commons/5/51/Facebook_f_logo_%282019%29.svg

185.15.59.240

200 OK

265 B

URL GET HTTP/2
upload.wikimedia.org/wikipedia/commons/5/51/Facebook_f_logo_%282019%29.svg
IP
185.15.59.240:443
ASN
#14907 WIKIMEDIA

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerDigiCert Inc
Subject*.wikipedia.org
Fingerprint91:D4:DD:DD:2F:F9:18:E0:19:07:D8:6B:C7:54:54:F1:1A:8F:2C:DC
ValidityThu, 27 Oct 2022 00:00:00 GMT - Fri, 17 Nov 2023 23:59:59 GMT

File type
SVG Scalable Vector Graphics image\012- , ASCII text, with very long lines (358), with no line terminators
Size
265 B (265 bytes)
Hash
ce0c8188520a88e43c81e611847721ac
a90feacc04182f95fa6daf663a2a9861b470857c
0225596ff7a58f75d7558ca613ff56066f16117276fafa669e207672e6448abb

HTTP Headers

GET /wikipedia/commons/5/51/Facebook_f_logo_%282019%29.svg HTTP/1.1
Host: upload.wikimedia.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Wed, 27 Sep 2023 04:17:09 GMT
server: ATS/9.1.4
etag: W/ce0c8188520a88e43c81e611847721ac
content-type: image/svg+xml
x-object-meta-sha1base36: jqxuxf8zsvmr9w4ubfr58fktkadka64
last-modified: Thu, 20 Aug 2020 10:11:57 GMT
content-encoding: gzip
vary: Accept-Encoding
age: 71374
x-cache: cp3078 hit, cp3078 hit/295
x-cache-status: hit-front
server-timing: cache;desc="hit-front", host;desc="cp3078"
strict-transport-security: max-age=106384710; includeSubDomains; preload
report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] }
nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0}
x-client-ip: 91.90.42.154
x-content-type-options: nosniff
access-control-allow-origin: *
access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache
timing-allow-origin: *
accept-ranges: bytes
content-length: 265
X-Firefox-Spdy: h2

ocsp.sectigo.com/

104.18.15.101

471 B

URL
ocsp.sectigo.com/
IP
104.18.15.101:0
ASN
#13335 CLOUDFLARENET

File type
data
Size
471 B (471 bytes)
Hash
535bb6ff9190fda88fa1889c1a1e036e
1ce79104d11e75b6c1a276f118c04eb1765c33c0
d4b93ae24caf7f6b237bccb85b40fee498b2319de21b881662367a7e593afb64

HTTP Headers

POST / HTTP/1.1
Host: ocsp.sectigo.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/ocsp-request
Content-Length: 83
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:06:44 GMT
Content-Type: application/ocsp-response
Content-Length: 471
Connection: keep-alive
Last-Modified: Wed, 27 Sep 2023 15:08:11 GMT
Expires: Wed, 04 Oct 2023 15:08:10 GMT
Etag: "1ce79104d11e75b6c1a276f118c04eb1765c33c0"
Cache-Control: max-age=572137,s-maxage=1800,public,no-transform,must-revalidate
X-CCACDN-Proxy-ID: mcdpinlb1
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
Server: cloudflare
CF-RAY: 80d7be004e80b505-OSL

api.ipify.org/?format=json

173.231.16.77

200 OK

21 B

URL GET HTTP/1.1
api.ipify.org/?format=json
IP
173.231.16.77:443
ASN
#18450 WEBNX

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerSectigo Limited
Subject*.ipify.org
FingerprintF4:76:2D:2C:65:D1:15:BE:19:A4:C5:E0:8D:EB:89:1A:B6:75:4A:54
ValidityTue, 07 Feb 2023 00:00:00 GMT - Sun, 18 Feb 2024 23:59:59 GMT

File type
JSON data\012- , ASCII text, with no line terminators
Size
21 B (21 bytes)
Hash
7d69c71af0f191e9a72db6153f8018d1
f67c5f2887bc05654b47f76e9621e53a4091aed1
5bac6e06cf0e1ad38c55f9f9d12122272bf4b8157877629fe68cd33fe2133c65

HTTP Headers

GET /?format=json HTTP/1.1
Host: api.ipify.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Server: nginx/1.25.1
Date: Thu, 28 Sep 2023 00:06:44 GMT
Content-Type: application/json
Content-Length: 21
Connection: keep-alive
Access-Control-Allow-Origin: *
Vary: Origin

ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css?token=83fd8385f7

172.64.131.9

200 OK

274 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free-v4-font-face.min.css?token=83fd8385f7
IP
172.64.131.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (1560)
Size
274 kB (274253 bytes)
Hash
9b853b50f37dd0ca770ce0f294d427df
06cafaca197afda406bc5a72bcd6474758e51e65
6c58c4804370b9c347d517491c450416ca371fb1403aceaa1d6f751403b07c48

HTTP Headers

GET /releases/v6.4.2/css/free-v4-font-face.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinessaccount4852.duckdns.org/
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:06:43 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"9b853b50f37dd0ca770ce0f294d427df"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 cb8e2cd001e8928a49dc551941d5c7da.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: yFGVzYKVR9snGlB1s7-ZrTuY_humGrZbcGq1JaqnJ5mwePoxQFLY3g==
age: 50586
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=tl%2FLFJjhHtv0c3hJI%2B3uZHedyq6wMFvUk9UlJ6YWCOZjp2MN0FNME2F%2BIfG7FiiAag7qoaru1tu%2FrH8Prn12N7ztaoYyb6OrVb1Y1WSHSVUD3fu0d%2FfDZbBV4MPjkxx8P7bBlvpG8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d7bdf7c8547725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

verifybusinessaccount4852.duckdns.org/recovery.png

103.37.124.105

200 OK

274 kB

URL GET HTTP/1.1
verifybusinessaccount4852.duckdns.org/recovery.png
IP
103.37.124.105:443
ASN
#0

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuercPanel, Inc.
Subjectverifybusinessaccount4852.duckdns.org
FingerprintC3:2F:BA:07:BF:36:94:EC:E1:AA:D2:AE:1E:5F:DC:79:23:9C:44:2F
ValidityWed, 27 Sep 2023 00:00:00 GMT - Tue, 26 Dec 2023 23:59:59 GMT

File type
PNG image data, 1340 x 1338, 8-bit/color RGBA, non-interlaced\012- data
Size
274 kB (273625 bytes)
Hash
0b6c07045c1d1b275b9a60b47daa63e7
659f97c7e778c62e672328eff61ed9053db4d50a
c7fa8b6a6d8fb4ff2b71397516a22e120028fd6f023591e255a8910ff32a8fae

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /recovery.png HTTP/1.1
Host: verifybusinessaccount4852.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/confirm2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:06:43 GMT
Server: Apache
Last-Modified: Wed, 12 Jul 2023 01:15:28 GMT
Accept-Ranges: bytes
Content-Length: 273625
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: image/png

cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js

151.101.129.229

200 OK

60 kB

URL GET HTTP/2
cdn.jsdelivr.net/npm/bootstrap@4.4.1/dist/js/bootstrap.min.js
IP
151.101.129.229:443
ASN
#54113 FASTLY

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGlobalSign nv-sa
Subjectjsdelivr.net
Fingerprint05:87:2C:BA:73:14:21:54:82:00:8B:AD:85:8F:E9:C6:4D:C7:66:09
ValidityWed, 27 Sep 2023 18:13:13 GMT - Mon, 28 Oct 2024 18:13:12 GMT

File type
ASCII text, with very long lines (59729)
Size
60 kB (60010 bytes)
Hash
61f338f870fcd0ff46362ef109d28533
b3c116c65e6f053aaab45e5619a78ec00271a50f
5aa53525abc5c5200c70b3f6588388f86076cd699284c23cda64e92c372a1548

HTTP Headers

GET /npm/bootstrap@4.4.1/dist/js/bootstrap.min.js HTTP/1.1
Host: cdn.jsdelivr.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
access-control-allow-origin: *
access-control-expose-headers: *
timing-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000, immutable
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
x-jsd-version: 4.4.1
x-jsd-version-type: version
etag: W/"ea6a-s8EWxl5vBTqqtF5WGaeOwAJxpQ8"
content-encoding: br
accept-ranges: bytes
date: Thu, 28 Sep 2023 00:06:43 GMT
age: 3193355
x-served-by: cache-fra-eddf8230118-FRA, cache-bma1650-BMA
x-cache: HIT, HIT
vary: Accept-Encoding
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 17008
X-Firefox-Spdy: h2

ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css?token=83fd8385f7

172.64.131.9

200 OK

103 kB

URL GET HTTP/2
ka-f.fontawesome.com/releases/v6.4.2/css/free.min.css?token=83fd8385f7
IP
172.64.131.9:443
ASN
#13335 CLOUDFLARENET

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectka-f.fontawesome.com
Fingerprint64:27:AB:CA:DB:24:8C:C9:87:09:13:04:21:49:9C:6A:4E:DD:97:93
ValiditySun, 10 Sep 2023 05:39:32 GMT - Sat, 09 Dec 2023 05:39:31 GMT

File type
ASCII text, with very long lines (65321)
Size
103 kB (102749 bytes)
Hash
ae737a19e46fd502ba9cbe9e33213861
a4b5d757af122c49259d4398807e62d4ca6f2493
5e0821588462d15b0ff8e911760fc041332c162e2e30ab4b1071bcc8eb6c8223

HTTP Headers

GET /releases/v6.4.2/css/free.min.css?token=83fd8385f7 HTTP/1.1
Host: ka-f.fontawesome.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://verifybusinessaccount4852.duckdns.org/
Origin: https://verifybusinessaccount4852.duckdns.org
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 28 Sep 2023 00:06:43 GMT
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET
access-control-max-age: 3000
last-modified: Tue, 01 Aug 2023 19:07:56 GMT
etag: W/"ae737a19e46fd502ba9cbe9e33213861"
x-amz-server-side-encryption: AES256
cache-control: max-age=31556926
access-control-allow-headers: fa-kit-token
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 7fcc9354bd594831abf31608fb6cde60.cloudfront.net (CloudFront)
x-amz-cf-pop: LHR50-P1
x-amz-cf-id: OEaNKnRoeWfVg-NjtlttJEahlDUbebR0udriLXaqVpd5JAhTdJMPCQ==
age: 50586
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2Aa8VmqPSzuW9NX92V71%2BWkNZ1UCKA6IeVYvVHaDy%2FsUT1u4oybf%2FqA5g%2BV6OaxXLwUo3wbERX4RF8j1KTW4yXCKcQBPwwyX36CmEEGpmnsXvd7D3zzXXmEk4cow15JIgl37ik73ww%3D%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 80d7bdf778087725-LHR
content-encoding: br
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

verifybusinessaccount4852.duckdns.org/Facebook_f_logo.png

103.37.124.105

200 OK

73 kB

URL GET HTTP/1.1
verifybusinessaccount4852.duckdns.org/Facebook_f_logo.png
IP
103.37.124.105:443
ASN
#0

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuercPanel, Inc.
Subjectverifybusinessaccount4852.duckdns.org
FingerprintC3:2F:BA:07:BF:36:94:EC:E1:AA:D2:AE:1E:5F:DC:79:23:9C:44:2F
ValidityWed, 27 Sep 2023 00:00:00 GMT - Tue, 26 Dec 2023 23:59:59 GMT

File type
PNG image data, 2048 x 2048, 8-bit/color RGBA, non-interlaced\012- data
Size
73 kB (73382 bytes)
Hash
65df09dbb9166f247de083239cf4afd8
7d326258e869741b8558de74710a977274520cc0
79c20677cdad62f33798382bf81b3fd30044d1f49b8952995d9a6d7c704e7e70

Detections

Analyzer	Verdict	Alert
urlquery	suspicious	Suspicious - DynDNS domain
OpenPhish	phishing	Facebook, Inc.

HTTP Headers

GET /Facebook_f_logo.png HTTP/1.1
Host: verifybusinessaccount4852.duckdns.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/confirm2.html
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

HTTP/1.1 200 OK
Date: Thu, 28 Sep 2023 00:06:43 GMT
Server: Apache
Last-Modified: Wed, 12 Jul 2023 01:15:28 GMT
Accept-Ranges: bytes
Content-Length: 73382
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Content-Type: image/png

ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js

142.250.74.74

200 OK

90 kB

URL GET HTTP/2
ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js
IP
142.250.74.74:443
ASN
#15169 GOOGLE

Requested by
https://verifybusinessaccount4852.duckdns.org/confirm2.html
Certificate
IssuerGoogle Trust Services LLC
Subjectupload.video.google.com
FingerprintBE:40:3A:A6:DE:CC:A7:8B:75:43:68:F2:F9:56:63:71:49:61:06:49
ValidityMon, 04 Sep 2023 08:23:18 GMT - Mon, 27 Nov 2023 08:23:17 GMT

File type
ASCII text, with very long lines (65447)
Size
90 kB (89501 bytes)
Hash
8fb8fee4fcc3cc86ff6c724154c49c42
b82d238d4e31fdf618bae8ac11a6c812c03dd0d4
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e

HTTP Headers

GET /ajax/libs/jquery/3.6.0/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://verifybusinessaccount4852.duckdns.org/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
content-encoding: gzip
access-control-allow-origin: *
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
timing-allow-origin: *
content-length: 31017
x-content-type-options: nosniff
server: sffe
x-xss-protection: 0
date: Fri, 22 Sep 2023 10:05:21 GMT
expires: Sat, 21 Sep 2024 10:05:21 GMT
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
age: 482482
last-modified: Wed, 10 Mar 2021 14:28:09 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

Report Overview

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (7)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

HTTP Transactions (19)

URL GET HTTP/2

IP

ASN

Requested by

Certificate

File type

Size

Hash

HTTP Headers

URL User Request GET HTTP/1.1

IP

ASN

Certificate

File type

Size

Hash

Detections